Step 8: Install cert-manager

This step explains how to download and install cert-manager, required for Apigee hybrid to operate.

Install cert-manager

1. Use the following command to install cert-manager v1.13.0 from GitHub.

   kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml

   You should see a response that the cert-manager namespace and several cert-manager resources have been created. For example:

   customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io configured
   customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io configured
   ...
   mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
   validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
   

2. Use the following command to verify the successful creation of cert-manager namespace and its corresponding components:

   kubectl get all -n cert-manager -o wide

   Your output should be similar to the following example. You should see pods for cert-manager, cert-manager-cainjector, and cert-manager-webhook.

     NAME                                         READY    STATUS   RESTARTS   AGE     IP           NODE                                    NOMINATED NODE   READINESS GATES
     pod/cert-manager-abcd1234-7hkt9               1/1     Running   0          35s   10.20.x.x    gke-hybrid-on-apigee-data-abcd1234-3d54   <none>           <none>
     pod/cert-manager-cainjector-abcd1234-6lb4k    1/1     Running   0          35s   10.20.x.x    gke-hybrid-apigee-runtime-abcd1234-5hmn   <none>           <none>
     pod/cert-manager-webhook-abcd1234-c8bg9       1/1     Running   0          35s   10.20.x.x    gke-hybrid-apigee-runtime-abcd1234-fk39   <none>           <none>
   
     NAME                           TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE   SELECTOR
     service/cert-manager           ClusterIP   10.24.x.x      <none>        9402/TCP   35s   app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager
     service/cert-manager-webhook   ClusterIP   10.24.x.x      <none>        443/TCP    35s   app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook
   
     NAME                                      READY   UP-TO-DATE   AVAILABLE   AGE   CONTAINERS                IMAGES                                             SELECTOR
     deployment.apps/cert-manager              1/1     1            1           35s   cert-manager-controller   quay.io/jetstack/cert-manager-controller:v1.13.0   app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager
     deployment.apps/cert-manager-cainjector   1/1     1            1           35s   cert-manager-cainjector   quay.io/jetstack/cert-manager-cainjector:v1.13.0   app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector
     deployment.apps/cert-manager-webhook      1/1     1            1           35s   cert-manager-webhook      quay.io/jetstack/cert-manager-webhook:v1.13.0      app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook
   
     NAME                                                DESIRED   CURRENT   READY   AGE   CONTAINERS                IMAGES                                             SELECTOR
     replicaset.apps/cert-manager-abcd1234                1         1         1       35s   cert-manager-controller   quay.io/jetstack/cert-manager-controller:v1.13.0   app.kubernetes.io/component=controller,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cert-manager,pod-template-hash=abcd1234
     replicaset.apps/cert-manager-cainjector-abcd1234     1         1         1       35s   cert-manager-cainjector   quay.io/jetstack/cert-manager-cainjector:v1.13.0   app.kubernetes.io/component=cainjector,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=cainjector,pod-template-hash=abcd1234
     replicaset.apps/cert-manager-webhook-abcd1234        1         1         1       35s   cert-manager-webhook      quay.io/jetstack/cert-manager-webhook:v1.13.0      app.kubernetes.io/component=webhook,app.kubernetes.io/instance=cert-manager,app.kubernetes.io/name=webhook,pod-template-hash=abcd1234

Summary

You now have cert-manager installed, and you are ready to install the Apigee hybrid custom resource definitions (CRDs).

Next step

1 2 3 4 5 6 7 8 (NEXT) Step 9: Install the CRDs 10 11 12